A computer-security company said that a proprietary data set containing personal information on nearly 200 million American voters and their predicted voting behavior was left unprotected online, in a large cache of spreadsheets and other electronic files.

According to security company UpGuard, the information, which was available on a public server accessible by anyone via the internet, was compiled by consulting firm Deep Root Analytics, which helps Republican campaigns choose which voters to target with TV advertising.

The voter records, which are public information, were augmented with proprietary analysis about voter behavior by Deep Root, which tries to predict voters’ policy preferences and how likely they are to choose a particular candidate.

Beyond paying customers, that kind of information could be valuable to rival campaigns or even foreign entities trying to determine how to persuade American voters, according to elections experts.

The discovery of the unprotected voter information comes as the integrity of American elections has become a top concern in state capitols and in Washington. Federal investigators and congressional panels are probing Russia’s alleged meddling in the 2016 election, and U.S. and state officials have taken steps to safeguard elections from potential hacking and other interference.

The information was found on a publicly accessible cloud server, said Chris Vickery, an analyst with cybersecurity company UpGuard. He said he discovered the information on June 12 after trying different combinations of letters for web addresses that he thought might point to the information. Mr. Vickery is a specialist in searching for exposed information using this technique, known as “cloud fuzzing,” to help secure sensitive information.

The voter information, portions of which were reviewed by The Wall Street Journal, includes the names and other personally identifying information about 198 million registered voters, which would appear to be nearly all of the estimated registered voters in the U.S., the company found. The information includes dates of birth, mailing addresses and party affiliation, as well as self-reported racial demographics, according to Mr. Vickery, but didn’t include social security numbers or financial information.

Mr. Vickery, who has a history of discovering sensitive information exposed on the internet, said his most recent find is “quite possibly the biggest I’ve ever had.”

In all, 1.1 terabytes of personal information were found on the server owned by Deep Root Analytics, he said.

Registration information about individual voters is available from state and county election boards to anyone who requests it, though compiling it all in one place would take a significant amount of time and labor, and it wouldn’t contain any predictions about voter behavior.

In a statement, Deep Root Analytics acknowledged the exposure.

The company “has become aware that a number of files within our online storage system were accessed without our knowledge,” the statement said. The company added that “to the best of our knowledge,” the information that was accessed consisted of proprietary analysis “as well as voter data that is publicly available and readily provided by state government offices. Since this event has come to our attention, we have updated the access settings and put protocols in place to prevent further access. We take full responsibility for this situation.”

Deep Root Analytics said it had hired a cybersecurity firm, Stroz Friedberg, “to conduct a thorough investigation,” adding that “based on the information we have gathered thus far, we do not believe that our systems have been hacked.”

Mr. Vickery said that he notified federal authorities and that the information is no longer publicly accessible.

In its statement, Deep Root said its initial review showed that the information was accessible because of a “recent change in access settings since June 1,” indicating that the data may not have been accessible before that date.

Mr. Vickery said that most of the files he found were updated in mid-January of 2017, but he couldn’t account for whether information was available before when he discovered it earlier this month.

The Federal Bureau of Investigation said in the past election cycle there were attempts to hack into state-level voter registration databases, some of them successful, as well as the attempted hacking of at least two companies that help to conduct electronic voting at polling places.

Deep Root Analytics’ predictive models tried to account for a range of voters’ political preferences, including how likely someone was to have voted for Barack Obama in 2012, to whether someone agreed with President Donald Trump’s foreign policy of putting “America first,” and whether they were likely to agree with him on issues related to trade and the U.S. economy, according to UpGuard’s findings.

Sen. Mark Warner (D., Va.), the vice chairman of the Senate Intelligence Committee, which is investigating Russian meddling in the 2016 election, has questioned whether Russian hackers may have tried to target persuadable voters with manufactured news stories and social media, possibly to tilt them toward voting for the Republican Mr. Trump rather than Democrat Hillary Clinton.

A report by all U.S. intelligence agencies found that the Russian government attempted to influence voters’ opinion, in part through the use of misleading stories on the RT, a Russian state-run English-language media network.

In the 2016 campaign, Deep Root Analytics was paid nearly $1 million by Jeb Bush’s campaign and an allied super PAC, Right to Rise USA, according to Federal Election Commission filings. Several congressional campaigns, including those of former New Hampshire Sen. Kelly Ayotte and Ohio Sen. Rob Portman, also paid the company, as did two major Republican super PACs linked to Senate Majority Leader Mitch McConnell: American Crossroads and Senate Leadership PAC.

America's democratic election process appeared to be the target of Russian hackers in 2016, according to some top government officials. So how could foreign actors have hacked the U.S. election and what could they do with voter information? WSJ's Shelby Holliday explains the worst case scenarios. Photo: iStock

In January 2017, then-Secretary of the Department of Homeland Security Jeh Johnson designated election infrastructure as critical to the infrastructure of the U.S., placing it under greater scrutiny—and offering the industry greater aid—from the department.

But the intended definition of “infrastructure” extends only to what is managed by a state and used to run elections, said Earl Crane, a former cybersecurity adviser to Mr. Obama and the chief executive of risk management firm Emergent. A political party or campaign would be unlikely to be subject to the Homeland Security designation, unless the analytics were part of the election-day process, he said.